A simple standalone web application providing public interface.
The API gives access to database resources and returns data in JSON.
Built using Java EE and Jetty.
Implemented using DAO pattern.
Tested on H2Database v1.4.196.
-
Build using Maven
mvn install -
Create a new database
- NOTE: you can find ready-to-go database and .properties file in folder
/example_db. Use these to skip the next two steps.
- NOTE: you can find ready-to-go database and .properties file in folder
-
Initialize the database with provided script
/sakila-min.sql- by default script provides admin user as user: admin', password: 'admin'
-
Create .properties file including all necessary data:
example.propertiesurl=*url of your database* driver=*jdbc driver of your database* username=*login for your database* password=*password for your database* -
Run application with the following parameters:
-port [1024..49151]- port number that will be used by server-dbProps path- relative path to .properties file
-
Now you are able to connect at localhost:port and start sending requests!
Every user of API has to pass his username and access token along with every request:
/route?user=username&token=user_token&key1=val1&key2=val2...
Of course, all parameters can occur in any order.
Every user is created with
- role - user (standard user) or admin (administrator),
- name,
- access token,
- usage limit.
After limit requests, every user has to get his limit renewed by an admin.
Can access all public routes of the API in terms of his usage limits.
Can access all routes of the API in terms of his usage limits and has ability to:
- access all users' data,
- add new users,
- delete users,
- renew users' usage limits.
API consists of 3 public routes:
- /actors - provides access to actors data
- /films - provides access to films data
- /languages - provides access to languages data
All of the routes mentioned above provide:
-
obtaining all records under given route
/actors?... -
using multiple values of given filtering parameter
/films?id=2,3,5,7... -
obtaining a record by its id - by parameter id
/actors?id=1... -
pagination - by parameters page (counting from 0) and perPage
/films?minLength=60&page=2&perPage=10... -
ordering - by parameter order (desc, asc)
/languages?order=asc...
-
firstName
/actors?firstName=Woody... -
lastName
/actors?lastName=Williams...
You can mix title and language with both minLength and maxLength.
-
title
/films?title=twisted pirates... -
language
/films?language=mandarin... -
minLength (with duration equal or greater than)
/films?title=twisted pirates&minLength=99... -
maxLength (with duration equal or less than)
/films?language=mandarin&maxLength=99...
-
name
/languages?name=english...
Non-public (accessible only to application's admins) part of the API has 2 routes:
- /users - provides access to users data
- /admin - provides access to mechanisms of user management
Operations on these routes don't subtract from your usage limit.
-
as well as in public API, you can order and paginate the results as well as get multiple results by listing many ids
/users?page=1&perPage=5&order=asc -
filter
-
all (returns all users)
/users?filter=all... -
admin (returns all admins)
/users?filter=admin... -
user (returns all standard users)
/users?filter=user... -
noaccess (returns users that have exhausted their usage limit)
/users?filter=noaccess...
-
- action
-
add
/admin?action=add&role=user&name=foo&limit=16 -
renew
/admin?action=renew&id=256&limit=4096 -
delete
/admin?action=delete&id=65536
-
You can modify multiple records within one request, for example:
/admin?action=renew&id=1,2,4,8&limit=16,32,64,128
Thanks to @math-g for porting Sakila (sample MySQL database) to H2 dialect.
And yeah, this API is vulnerable to SQL-injection. Emm... let's call it a feature...